Redirecting Password Resets

If you maintain user passwords in a third-party user directory (like Active Directory or LDAP), you can redirect your users to an external (non-OneLogin) password reset site when they attempt to change their password using the OneLogin login screen or their OneLogin profile page.

Note. You don't need to use password reset redirects if all of your OneLogin users are managed in the same third-party user directory. In that case, you can set OneLogin to sync password changes made in OneLogin to the third-party directory of record, and a password reset redirect is unnecessary. The primary use case for the redirect is a multi-directory environment with different users in each directory.

You use user policies to set the redirect URL and provide an optional redirect message, which means that you can provide different password reset URLs and instructions for different groups of users. For example, you can create one policy for your "Active Directory US" directory and another for your "Active Directory Japan" directory, assigning the US policy to your US employees and the Japan policy to your Japanese employees.

To enable password reset redirects:

1. Go to Settings > Policies and either click New Policy to create a new policy or select an existing policy to update it.

2. On the Sign in tab of the policy edit page, enable the Redirect users to external site when resetting password option and add the password reset redirect URL.

   You can also add an optional message. You can use Markdown to format the message that users will see when they try to reset their password from the OneLogin login screen or their OneLogin profile page.

3. Click Save.

4. Assign the appropriate users to the policy.

   You can assign users to policies one-by-one by going to Users > All Users, selecting each user, and selecting the policy in the User Security Policy drop-down menu on the Authentication tab. However, it is usually more efficient to assign the policy to groups and use mappings to assign users to groups.

Now whenever a user assigned to that policy tries to reset their password in OneLogin, they will be redirected to the URL you entered in the policy configuration. If you added a message, they will see it before they are redirected.

Event logging

An event is logged each time a user is redirected to an external site to reset their password.

The USER_REDIRECTED_FOR_PASSWORD_CHANGE event (event type id 238) displays on Activity > Events as "<Firstname Lastname> redirected to an external site for password reset" and includes information about the redirect URL and the user policy that triggered it.
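Because the redirect URL lives in a policy, a mistyped or tampered URL would send every user on that policy to the wrong site, and the type-238 event is where that shows up. As an added example (not OneLogin's code), the Python below runs over exported events and flags redirects whose URL is not the https reset site approved for the user's policy. The field names (event_type_id, user_name, policy_name, redirect_url) and all sample events are assumptions constructed here.

```python
# Added example: flag USER_REDIRECTED_FOR_PASSWORD_CHANGE events (event type
# id 238) whose redirect URL is not the reset site approved for the policy.
# Field names (event_type_id, user_name, policy_name, redirect_url) and all
# sample values are assumptions constructed for this example.
from urllib.parse import urlsplit

PASSWORD_RESET_REDIRECT = 238  # event type id given on the page

# Approved reset site per user policy (constructed values).
EXPECTED_RESET_SITES = {
    "Active Directory US": "https://reset.us.example.com/",
    "Active Directory Japan": "https://reset.jp.example.com/",
}

# Constructed sample events, field names assumed (see header comment).
SAMPLE_EVENTS = [
    {"event_type_id": 238, "user_name": "Ada Lovelace", "policy_name": "Active Directory US",
     "redirect_url": "https://reset.us.example.com/start"},     # as expected
    {"event_type_id": 238, "user_name": "Taro Yamada", "policy_name": "Active Directory Japan",
     "redirect_url": "http://reset.jp.example.com/"},           # plain http
    {"event_type_id": 238, "user_name": "Grace Hopper", "policy_name": "Active Directory US",
     "redirect_url": "https://reset-us-example.net/"},          # wrong host
    {"event_type_id": 5, "user_name": "Ada Lovelace", "policy_name": "Active Directory US"},
]


def check_redirect(url, expected):
    """Return None if url is https on the expected host, else the reason it is not."""
    got, want = urlsplit(url), urlsplit(expected)
    if got.scheme != "https":
        return "redirect is not https"
    if got.hostname != want.hostname:
        return f"host {got.hostname!r} is not the expected {want.hostname!r}"
    return None


def find_unexpected_redirects(events, expected_sites):
    """Return (user, policy, url, reason) for each type-238 event that deviates."""
    findings = []
    for ev in events:
        if ev.get("event_type_id") != PASSWORD_RESET_REDIRECT:
            continue  # not a password reset redirect
        policy, url = ev.get("policy_name"), ev.get("redirect_url", "")
        expected = expected_sites.get(policy)
        reason = ("policy has no approved reset site" if expected is None
                  else check_redirect(url, expected))
        if reason:
            findings.append((ev.get("user_name"), policy, url, reason))
    return findings
```

Run it against a real export by replacing SAMPLE_EVENTS with the events you pull from OneLogin and EXPECTED_RESET_SITES with the URLs you configured in each policy.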